I hope I can explain this correctly, it's a strange issue and I'm wondering if I'm just missing something.
I deployed a new Meraki AP at a branch location, on a new VLAN (let's say vlan 16). The intention was to extend our secure wireless out to that branch. So the same SSID used at the main office is on the branch office AP.
However the main office is on VLAN 10. I added VLAN 16 to the branch office.
If I place a port in the new vlan and connect a laptop to it, the laptop connects to our LAN just fine. It gets a DHCP address as expected and can reach the gateway. Routing is good.
If I plug the Meraki into the same port in the same new vlan, it also gets a DHCP address and can be managed in the dashboard. It shows green. Works the same if I switch the access port to a trunk port which I've done.
If I connect a client to the SSID, it fails to grab a DHCP address and cannot reach the default gateway. It can however ping the Meraki. Otherwise no network access.
The SSID is configured with RADIUS for authentication. RADIUS seems to work because the client device can sign in and connect. They just get no network.
The last step I did was add the new VLAN to a RADIUS attribute but I ran out of time to test it.
The SSID, let's call it Company_Secure, has the following VLAN settings. I am not sure if I should tweak these, or if I'm going off into the woods on something that's not the issue.
Has anyone run into a similar issue?
Thank you for your time.
Just thinking about Radius and what I need to configure when I use a MR within a network with an Radius...
Wireless - Network access, you use WPA2 Enterprise with "my Radius Server"?
Your radius server is configured correctly and on the radius side the MR is configured as well (would recommend to use static IP for your MR)
I think to remember we had the same problem, beeing able to receive a IP but not the gateway, because the MR IP changed and wasn´t connected correctly to the radius server which caused that problem.
Do you have a separate network for that branch office or is that AP sitting in the main office meraki network on the dashboard? The branch office is on a separate network and is separated from the main office with a router. The router has a sub-interface with the new VLAN on it. The AP is at the branch office.
How do you have the port configured where the AP connects to? The port is currently set as a trunk port.
How do you have the access control settings configured for the SSID (assuming local LAN access is allowed). - It's set for direct access and the firewall allows local LAN
Assuming also you have the AP's tagged correctly? I believe so. I don't know though. The AP is tagged and the tag was added to the Company_Secure SSID and the SSID shows up. Then I added another tag for the VLAN ID as shown above in the screenshot.
Ok, so I did two things, not sure which helped but my problem is now resolved.
1) I added VLANs to the RADIUS server as attributes
2) I re-did the tagging for the VLAN I added to the Company_Secure SSID. So I made a tag called "VLAN16", added it to the AP, and added it to the VLANs on the SSID
The client also had to delete the wireless profile and re-add it before it worked.